May 31 2016

Cybersecurity: Credit Unions in the Crosshairs

Cybersecurity is a top-of-mind priority for credit unions of every size. But how can credit unions with limited budgets beat back an attack when some of the world’s largest organizations and governments have succumbed?

That question brought together credit unions and security experts from around the country at a Filene Research Institute–hosted colloquium in Newark, New Jersey, earlier this year. The multifaceted challenge demands an increased focus on quickly discovering and addressing attacks, the importance of collaboration and networking, the need to improve vendor management, encryption, enhanced staffing, training and education, balancing and owning risk, and delivering on the promise to protect members’ confidential information.

You shouldn’t worry about if your credit union will be hacked, but when. Take the needed steps to protect your organization and maintain members’ trust. Here are some good places to start:

  • Invest appropriately in staffing, education, and training. Hire the right people to deal with your information security and technology and ensure staff have the information and tools they need to avoid becoming part of your cyber problems. Employees have played an outsize role in a large percentage of cyber threats. According to the Department of Homeland Security, 71% of cyber threats come through phishing, so address the risk through education and training.
  • Have dedicated information security staff. Information security is a critical responsibility and needs to be prioritized. It’s not enough to assign this responsibility to a vendor or to split people’s responsibilities: make security a staffer’s sole responsibility.
  • Better manage vendors. This issue is huge on regulators’ radar screens. Attackers have found that vendors and contractors are often the chink in an organization’s armor—Target is a prime example—which means it’s critically important to dedicate time and resources to this issue.

Filene thanks its generous partners for making this important research possible:

Report Number 400